DETAILED ACTION

Specification 

On page 11 - 12 of the specification, the word accessible is repeatedly misspelled -
"accessable" 

Claim Objections 

Claims 1, 4, 28, and 30 are objected to because they contain what is construed to be a
typographical error. All the claims in question recite "storing said second certificate
(network address) of said second affiliated entity in a second trusted partner list
accessible by said second affiliated entity;" However, page 11 of the specification
states "The certificate of the second affiliated entity is stored in a trusted partner list
accessable to the first affiliated entity, at step 360... The network address of the
second affiliated entity is stored in the trusted partner list accessable to the first
affiliated entity, at step 360." This contradicts what is stated in the claims in question.

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 12 - 16 are rejected under 35 U.S.C. 101 as non-statutory subject matter. 
These claims recite a "system". However, the recited elements are solely "modules" 
which are computer software per se. MPEP 2106.01 I 

Claim Rejections - 35 USC § 112

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 12-27 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. Claim 12 recites "said second affiliated entity". 
However, there is no previous mention of such "second affiliated entity" in the 
independent claim 12, thus showing a lack of antecedent basis. Claim 21 recites "a
second trusted partner list". However, there is no previous mention of "a first trusted
partner list" in the independent claim 21, thus making the claim vague and indefinite.
Claim 27 recites "said first session module determines said network address of said
session module from an HTTP header." However, in the independent claim 21, there
are two session modules mentioned. Hence, claim 27 does not explicitly state which 
session module's network address is being determined from an HTTP header by the 
"said first session module", thus making the claim vague and indefinite. 

Claims 13-20 and 22 - 26 are also rejected based on their dependency on 
rejected claims 12 and 21 above.

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless -

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1, 8, 12 - 15, 18 - 19, 21 - 22, 24 - 25, and 30 are rejected under 35
U.S.C. 102(e)(1) as being anticipated by Yasala et al. (USPGPub # 2003/0188156 A1).

Examiner has pointed out particular references contained in the prior arts of record in 
the body of this action for the convenience of the applicant. Although the specified 
citations are representative of the teachings in the art and are applied to the specific 
limitations within the individual claim, other passages and figures may apply as well. 
Applicant should consider the entire prior art as applicable as to the limitations of the 
claims. It is respectfully requested from the applicant, in preparing the response, to 
consider fully the entire references as potentially teaching all or part of the claimed 
invention, as well as the context of the passage as taught by the prior arts or disclosed 
by the examiner. 

As per claims 1, 8, 12, 21, and 30: Yasala shows a method / system / computer 
readable medium for providing a circle of trust comprising: receiving a first certificate of 
a first affiliated entity by a second affiliated entity (see paragraph 0030); storing said first 
certificate of said first affiliated entity in a first trusted partner list accessible by said 
second affiliated entity (see paragraph 0025, and Figure 3, element 306); receiving a 
second certificate of said second affiliated entity by said first affiliated entity (see 
paragraph 0028); and storing said second certificate of said second affiliated entity in a 
second trusted partner list accessible by said second affiliated entity (see paragraph 
0025, and Figure 3, element 302); wherein access to a resource is controlled as a 
function of said first trusted partner list or said second trusted partner list (see abstract, 
"In one embodiment of the invention is a method to use authentication certificates to 
authorize peers to particular applications"); a first affiliated entity comprising; a first 
administration module (see Figure 3, elements 300 and 322); and a first trusted partner 
list communicatively coupled to said first administration module (see Figure 3, element 
302); and said second affiliated entity comprising; a second administration module (see 
Figure 3, element 304, and paragraph 0043); and a second trusted partner list 
communicatively coupled to said second administration module (see Figure 3, element 
306). 

As per claims 2, 8, and 31: Yasala shows a method / system / computer readable 
medium for providing a circle of trust comprising: initiating user of a resource on a 
relying party device by a client device (see Figures 2 and 4, steps 202 and 402),
wherein an authentication assertion reference is provided by a client device (see 
Figures 2 and 4, steps 204 and 404); determining an identity of an issuing party as a 
function of said authentication assertion reference (see Figures 2 and 4, steps 206 and 
406); sending an authentication request containing a certificate of said relying party to 
said issuing party (see Figures 2 and 4, steps 208 and 410); determining if said 
certificate is contained in a trusted partner list of said issuing party (see Figure 4, step 
414, and Figure 3, element 320); sending an authentication assertion, indicating that 
said client has been authenticated, from said issuing party to said relying party when 
said certificate is contained in a trusted partner list of said issuing party (see Figure 4, 
step 418); sending an authentication assertion, indicating that said client has not been 
authenticated, from said issuing party to said relying party when said certificate is not 
contained in said trusted partner list of said issuing party (see Figure 4, step 416); and 
providing said requested resource to said client device by said relying party when said 
authentication assertion indicates that said client has been authenticated (see 
paragraphs 0048 - 0049, and Figures 5 and 6, elements 504 and 302, and 604 with 
302). 

As per claims 3, 11, and 32: Yasala shows the additional limitation - further 
comprising: logging-on to said issuing party utilizing said client device; and 
authenticating said client device by said issuing party (see Figure 4, steps 402 - 418). 



As per claims 13: Yasala shows the additional limitation - wherein said first 
administration module receives said credential of said second affiliated entity (see 
paragraphs 0027 and 0028).



As per claims 14: Yasala shows the additional limitation - wherein said first 
administration module stores said credential of said second affiliated entity in a trusted 
partner list (see paragraph 0025). 



As per claims 15: Yasala shows the additional limitation - wherein said credential 
comprises a certificate (see Figure 3, element 308). 



As per claims 19 and 25: Yasala shows the additional limitation - wherein said first 
session module determines a trusted status of said second affiliated entity as a function 
of a certificate received from said second session module (see abstract, "In addition to
using authentication certificates to authenticate the identity and trustworthiness of a 
peer, authentication certificates are additionally used to authorize peers to particular 
applications"). 

As per claims 22: Yasala shows the additional limitation - wherein said first session 
module provides for secure transfer of information for authenticating a user on said 
client device (see paragraphs 0018 and 0019). 



As per claims 18 and 24: Yasala shows the additional limitation - wherein said second 
session module determines the identity of an issuing party as a function of an 
authentication assertion reference received from said client device (see abstract, "In 
addition to using authentication certificates to authenticate the identity and 
trustworthiness of a peer, authentication certificates are additionally used to authorize 
peers to particular applications", and paragraph 0031).



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 4, 6, 10, 16, 20, and 26-28 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Yasala et al. (USPGPub # 2003/0188156 A1) in view of Hind et 
al. (US Patent #6,826,690 B1). 

Examiner has pointed out particular references contained in the prior arts of record in 
the body of this action for the convenience of the applicant. Although the specified 
citations are representative of the teachings in the art and are applied to the specific 
limitations within the individual claim, other passages and figures may apply as well. 
Applicant should consider the entire prior art as applicable as to the limitations of the 
claims. It is respectfully requested from the applicant, in preparing the response, to
consider fully the entire references as potentially teaching all or part of the claimed 
invention, as well as the context of the passage as taught by the prior arts or disclosed 
by the examiner. 

Here, the Yasala reference has disclosed all the limitations of the rejected claims as it 
has been applied to above. However, Yasala does not teach the use of network 
addresses (internet protocol (IP) addresses) as authentication credentials. 

On the other hand, Hind does teach the use of IP (or network) addresses as 
authentication credentials (see column 11, lines 12-24) described in the claim 6 and 
10 above, which are quite capable of being used as described in claim 4 as well. 



Hence, it would have been obvious to one of ordinary skill in the art to have included the 
methods and technology shown in Hind, into the invention taught by Yasala above, in 
order to make it much more difficult for an attacker to masquerade as a valid source of 
assigned addresses, and to perform various types (such as misdirecting clients or
servers to use improper addresses, sending corrupted data to a server which has
requested an address assignment, etc.) in its assumed role (see column 11, lines 33 -
39 of the Hind reference). This would help ensure that the client (or entity)
communicates with the legitimate target server (or entity see column 11, lines 45 - 47 of
the Hind reference). Claims 16, 20, and 26 - 28 have limitations where the use of IP (or
network) addresses as authentication credentials are strikingly similar to those in claims
4, 6, and 10, and thus are rejected under the same premise.



Claims 5, 9, and 29 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Yasala et al. (USPGPub # 2003/0188156 A1) in view of Hind et al. (US Patent # 
6,826,690 B1). 

Examiner has pointed out particular references contained in the prior arts of record in 
the body of this action for the convenience of the applicant. Although the specified 
citations are representative of the teachings in the art and are applied to the specific 
limitations within the individual claim, other passages and figures may apply as well. 
Applicant should consider the entire prior art as applicable as to the limitations of the 
claims. It is respectfully requested from the applicant, in preparing the response, to 
consider fully the entire references as potentially teaching all or part of the claimed 
invention, as well as the context of the passage as taught by the prior arts or disclosed 
by the examiner. 

Here, the Yasala reference has disclosed all the limitations of the rejected claims as it
has been applied to above. However, Yasala does not teach the use of network 
addresses (internet protocol (IP) addresses) as authentication credentials. 

On the other hand, Hind does teach the use of IP (or network) addresses as 
authentication credentials (see column 11, lines 12-24) described in the claim 6 and
10 above, which are quite capable of being used as described in claim 4 as well. 



Hence, it would have been obvious to one of ordinary skill in the art to have included the 
methods and technology shown in Hind, into the invention taught by Yasala above, in 
order to make it much more difficult for an attacker to masquerade as a valid source of 
assigned addresses, and to perform various types (such as misdirecting clients or 
servers to use improper addresses, sending corrupted data to a server which has
requested an address assignment, etc.) in its assumed role (see column 11, lines 33 -
39 of the Hind reference). This would help ensure that the client (or entity)
communicates with the legitimate target server (or entity see column 11, lines 45 - 47 of
the Hind reference). Claims 9 and 29 have limitations where the use of IP (or network)
addresses as authentication credentials are strikingly similar to those in claim 5 (and 2,
8, and 31) and thus are rejected under the same premise.



Allowable Subject Matter 

Claim 7 is objected to as being dependent upon a rejected base claim, but would 
be allowable if rewritten in independent form including all of the limitations of the base 
claim and any intervening claims. 



Claims 17 and 23 are objected to as being dependent upon a rejected base claim, but 
would be allowable if rewritten in independent form including all of the limitations of the 
base claim and any intervening claims, to overcome the 35 U.S.C. 101 rejections. 



Conclusion 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Corbann A. Banks whose telephone number is (571) 
270-1021. The examiner can normally be reached on Monday - Thursday from 8:30 am 
to 5:00 pm. The examiner can also be reached on alternate Fridays during the same 
hours. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron, can be reached on Monday - Friday, from 8:30 am to 4:30 
pm. His telephone number is (571) 272-3799. The fax phone number for the
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free).





Corbann Banks 



GILBERTO BARRON
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



December 04, 2006 



